npm - @workos/mcp-docs-server - Versions diffs - 0.1.0 - Mend

@workos/mcp-docs-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/.docs/organized/docs/glossary.mdx ADDED Viewed

@@ -0,0 +1,184 @@
+---
+title: Glossary
+description: "Terminology and concepts used in\_the\_WorkOS documentation."
+breadcrumb:
+  title: Home
+  url: /
+originalPath: .tmp-workos-clone/packages/docs/content/glossary.mdx
+---
+<GlossaryMarker>A</GlossaryMarker>
+## Access Token
+An access token represents the successful authorization of your application to access a user’s profile. During the Single Sign-On authorization flow, you’ll receive an access token and profile in exchange for your authorization code.
+## ACS URL
+An Assertion Consumer Service URL (ACS URL) is an endpoint where an identity provider posts SAML responses.
+## API Key
+A unique identifier used to authenticate your API requests.
+## Attribute Mapping
+Attribute mapping allows IT administrators to customize the user claims that are sent to your application. WorkOS normalizes these claims, so you can depend on a reliable, expected set of user profile information.
+## Authorization Code
+An authorization code is a temporary code that you will exchange for an access token. During the Single Sign-On authorization flow, you’ll exchange your authorization Code for an access token and profile.
+## Authentication Challenge
+An authentication challenge, also known as challenge-response authentication, is a set of protocols that helps validate actions and protect resources from unauthorized access.
+## Authentication Factor
+An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity requesting access to some system is who, or what, they are declared to be.
+## Authorization URL
+An authorization URL is the location your user will be directed to for authentication.
+<GlossaryMarker>B</GlossaryMarker>
+## Bearer Token
+A Bearer Token is an HTTP authentication scheme that uses a single security token to act as the authentication of an API request. The client must send this token in the Authorization header when making requests to protected resources.
+In the context of a Directory Sync integration, a Bearer Token is generated by WorkOS for SCIM providers such as Okta to authenticate endpoint requests.
+<GlossaryMarker>C</GlossaryMarker>
+## Client ID
+The client ID is a public identifier for your application that maps to a specific WorkOS environment.
+## Client Secret
+The client secret is a value only known to your application and an OAuth identity provider. Currently, client secrets are used in OpenID Connect and Google/Microsoft/GitHub OAuth connections.
+## Connection
+A connection is a way for a group of users (typically in a single organization) to sign in to your application.
+A directory connection is a way to retrieve a complete list of users and groups from an organization.
+<GlossaryMarker>D</GlossaryMarker>
+## Discovery Endpoint
+An OIDC discovery endpoint is a URL that provides metadata about an OIDC provider, including the issuer URL, supported authentication and token endpoints, supported scopes, public keys for signature verification, and other configuration information.
+The discovery endpoint path is `/.well-known/openid-configuration` on a URL.
+Clients can use this endpoint to dynamically discover and interact with an OIDC provider without requiring manual configuration.
+## Directory Group
+A directory group is a collection of users within an organization who have been provisioned with access to your application.
+## Directory Provider
+A directory provider is the source of truth for your enterprise client’s user and group lists.
+## Directory User
+A directory user is a person or entity within an organization who has been provisioned access to your application.
+<GlossaryMarker>E</GlossaryMarker>
+## Endpoint
+An endpoint is a location where an API receives requests about a specific resource.
+In the context of a Directory Sync integration, an endpoint is the standardized SCIM definition of two things: a `/Users` endpoint and a `/Groups` endpoint.
+<GlossaryMarker>H</GlossaryMarker>
+## HRIS
+A Human Resources Information System (HRIS) is software designed to maintain, manage, and process detailed employee information and human resources-related policies.
+<GlossaryMarker>I</GlossaryMarker>
+## IdP
+An Identity Provider (IdP) is the source of truth for your enterprise client’s user database and authentication. Sometimes referred when describing the IdP-initiated flow, which is an authentication flow that starts from an identity provider like Okta instead of your application.
+## IdP URI (Entity ID)
+An Identity Provider URI (Entity ID) is a globally unique name for an identity provider that performs SAML authentication assertions. Sometimes referred to as Identity Provider Issuer (Okta, Entra ID).
+## IdP SSO URL
+An Identity Provider SSO URL (IdP SSO) is the URL your application’s users will be redirected to for authentication with an identity provider. Sometimes referred to as Identity Provider SAML 2.0 Endpoint (OneLogin).
+## IdP Metadata
+An Identity Provider Metadata (IdP Metadata) is the URL or XML file containing all of the metadata relevant to a specific identity provider. It includes attributes used by a service provider to route SAML messages, which minimizes the possibility of a rogue identity provider orchestrating a man-in-the-middle attack.
+<GlossaryMarker>J</GlossaryMarker>
+## JIT User Provisioning
+Just-in-time (JIT) user provisioning creates a user in an app when the user attempts to sign in for the first time. The account and respective role doesn’t exist until the user creates it – just-in-time.
+## JWT
+JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.
+<GlossaryMarker>O</GlossaryMarker>
+## Logout URI
+An allowlisted location a user will be redirected to after their session has been ended by the Logout API.
+## OAuth 2.0
+OAuth 2.0 is an open standard for authorization. WorkOS supports OAuth 2.0, and our Single Sign-On API is modeled after concepts found in OAuth.
+## OIDC
+OpenID Connect (OIDC) is an open standard and identity layer built on top of the OAuth 2.0 framework.
+<GlossaryMarker>R</GlossaryMarker>
+## Redirect URI
+A redirect URI is a required, allowlisted callback URL. The redirect URI indicates the location to return an authorized user to after an authorization code is granted, and the authentication process is complete.
+<GlossaryMarker>S</GlossaryMarker>
+## SAML
+Security Assertion Markup Language (SAML) is an open standard for authentication. Most of your enterprise clients will require SAML 2.0 authentication for their Single Sign-On.
+## SCIM
+System for Cross-domain Identity Management (SCIM) is an open standard for managing automated user and group provisioning. It’s a standard that many directory providers interface with.
+## SP
+Service Provider (SP) is SAML parlance for “your application”. Sometimes referred when describing the SP-initiated flow, which is an authentication flow that starts from your application instead of an identity provider like Okta.
+## SP Entity ID
+A Service Provider (SP) Entity ID is a globally unique name for a service provider that performs SAML authentication requests, and is the intended audience for SAML responses. It is sometimes referred to as the Audience value.
+## SP Metadata
+Service Provider Metadata (SP Metadata) is an XML file containing all of the metadata relevant to a specific service provider. Identity providers will use SP metadata files to make onboarding your application easier.
+<GlossaryMarker>T</GlossaryMarker>
+## TOTP
+Time-based One-time Password (TOTP) is a temporary code, generated by an algorithm that uses the current time as a source of uniqueness.
+<GlossaryMarker>X</GlossaryMarker>
+## X.509 Certificate
+An X.509 Certificate is a public key certificate used to authenticate SAML assertions. Sometimes referred to as Token Signature (AD FS).

package/.docs/organized/docs/integrations/_navigation.mdx ADDED Viewed

@@ -0,0 +1,6 @@
+---
+title: Integrations
+links: []
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/_navigation.mdx
+---

package/.docs/organized/docs/integrations/access-people-hr.mdx ADDED Viewed

@@ -0,0 +1,87 @@
+---
+title: Access People HR
+description: "Learn about syncing your user list with\_Access People HR."
+icon: access-people-hr
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/access-people-hr.mdx
+---
+## Introduction
+This guide outlines how to synchronize your application’s Access People HR directories.
+To synchronize an organization’s users and groups provisioned for your application, you’ll need the following information from the organization:
+- Access People HR API key
+> Note: The Access People HR integration isn't enabled by default in the WorkOS Dashboard or Admin Portal. Please reach out to [support@workos.com](mailto:support@workos.com) or via your team’s WorkOS Slack channel if you would like Access People HR enabled.
+---
+## (1) Create an API Key
+The organization will need to create an API key for you. First, they’ll need to log in to their Access People HR admin dashboard and select to the “Settings” page from the side bar menu. Then, select “API” from the Settings side bar menu. On the API Key Management page, select the plus sign to add a new API Key.
+![A screenshot showing where to find the plus sign in the Access People HR Dashboard.](https://images.workoscdn.com/images/9cbff13f-9ea3-442a-90ae-7c135e14e07b.png?auto=format&fit=clip&q=50)
+In the API Key Generator, give the API Key a descriptive name. Under “Application”, select “Employee”.
+![A screenshot showing where the "Employee" option is location in the Access People HR Dashboard.](https://images.workoscdn.com/images/02f54969-422c-4f17-9c34-559bd419cf3e.png?auto=format&fit=clip&q=50)
+On the Select Permissions page, check only “Get All Employee Detail” and then select “Save”.
+![A screenshot showing where to select the "Get All Employee Detail" permission is located in the Access People HR Dashboard.](https://images.workoscdn.com/images/7387653b-7d30-4733-96e4-033004396449.png?auto=format&fit=clip&q=50)
+On the API Key Generator page, select “Save”.
+![A screenshot showing the API Key Generator page in the Access People HR Dashboard.](https://images.workoscdn.com/images/c58ba765-8015-4776-8fe0-6260de530d52.png?auto=format&fit=clip&q=50)
+Copy and save the API key – this will be used in Step 3.
+![A screenshot showing the copy icon in the Access People HR Dashboard.](https://images.workoscdn.com/images/a8248b85-173a-4f6b-812f-f58b9abfc9f1.png?auto=format&fit=clip&q=50)
+---
+## (2) Create your Directory Sync Connection
+Login to your WorkOS dashboard and select “Organizations” from the left hand Navigation bar
+Select the Organization you’d like to enable an Access People HR Directory Sync connection for.
+On the Organization’s page click “Manually Configure Directory”.
+![A screenshot showing where to find “Manually Configure Directory” for an Organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/ed383bc9-e626-4d2c-bbfd-78dbe8bbc5d4.png?auto=format&fit=clip&q=50)
+Select “Access People HR” as the Directory Provider, and then provide a descriptive name for the connection. Select “Create Directory”.
+![A screenshot showing Create Directory details in the WorkOS Dashboard.](https://images.workoscdn.com/images/cc5dde6b-4eda-4af7-bcb9-3ec958e6bc79.png?auto=format&fit=clip&q=50)
+---
+## (3) Setup your Directory Sync Connection
+In the directory details section, select “Update Directory”.
+![A screenshot showing where to find "Update Directory" in the WorkOS Dashboard.](https://images.workoscdn.com/images/b0b0e10f-59ab-43da-b348-52b5d53bd299.png?auto=format&fit=clip&q=50)
+Enter your API Key from Step 1, and select “Save Directory Details”.
+![A screenshot showing where to enter your API Key in the WorkOS Dashboard.](https://images.workoscdn.com/images/31881779-5153-4193-a5bd-316b9684650b.png?auto=format&fit=clip&q=50)
+---
+## (4) Sync Users and Groups to Your Application
+Now, you should see users and groups synced over from Access People HR.
+Departments from Access People HR are synced as groups in WorkOS. All users are synced, but only those marked as “ACTIVE” or “LEAVER_MARKED” have a state of active.
+---
+## Frequently asked questions
+### How often do Access People HR directories perform a sync?
+Access People HR directories poll every 30 minutes starting from the time of the initial sync.

package/.docs/organized/docs/integrations/adp-oidc.mdx ADDED Viewed

@@ -0,0 +1,103 @@
+---
+title: ADP OpenID Connect
+description: "Learn how to configure a connection to\_ADP via\_OIDC."
+icon: adp
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/adp-oidc.mdx
+---
+## Introduction
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a connection will differ by Identity Provider.
+ADP is unique in that it authenticates using the Open ID Connect (OIDC) protocol instead of [SAML](/glossary/saml). This means that instead of providing an [ACS URL](/glossary/acs-url) and [SP Entity ID](/glossary/sp-entity-id) into the IdP, The IdP will provide a client ID and secret. ADP also provides an SSL Certificate and Private RSA Key file to authenticate. These four pieces of information will all need to be uploaded into the WorkOS dashboard in the steps below.
+---
+## (1) Create a New ADP OIDC Connection in WorkOS
+Navigate to the Organization in your WorkOS Dashboard under which you would like to set up this new SSO connection. Click on the "Manually Configure Connection" button.
+![A screenshot showing where to find "Manually Configure Connection" in the WorkOS Dashboard.](https://images.workoscdn.com/images/b7370939-c547-4ad1-9b2d-cc8ed150b90b.png?auto=format&fit=clip&q=50)
+Select ADP OIDC as the Identity Provider and select “Create Connection”.
+![A screenshot showing "Create Connection" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/e20c45f0-2842-45e0-9364-7878f493f0a4.png?auto=format&fit=clip&q=50)
+---
+## (2) Select or Create a Project in ADP
+Login to the [ADP Partner Self Service Portal](https://adpapps.adp.com/self-service/projects).
+From this page there are two environments to select from, Development and Production. Please use the environment that best suits your use-case for this SSO connection.
+In the selected environment select “Create New Project”.
+![A screenshot showing the Projects Overview page in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/39422d34-f4b8-42c2-af5a-b7c8b26dfe1f.png?auto=format&fit=clip&q=50&w=2048)
+Give the project a meaningful name to designate the SSO connection, there is no need to add a description.
+![A screenshot showing the Create New Project details in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/614daf3e-afa8-4007-9aec-f087fb60a394.png?auto=format&fit=clip&q=50&w=2048)
+Make the selections “US Marketplace” and “ADP Workforce Now” respectively for the next selections and then click “Next”.
+![A screenshot showing selection options for the ADP Marketplace in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/e38e06a8-7c82-44d3-bb58-cc7cc875b8cc.png?auto=format&fit=clip&q=50&w=2048)
+Finally, select “Other” for the use case that best describes your application and click “Submit”.
+![A screenshot showing app description selection options in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/8de31a18-444c-4a48-b41a-fd3be86b4933.png?auto=format&fit=clip&q=50)
+---
+## (3) Upload the WorkOS Redirect URI in ADP
+After configuring the ADP project, the next step is to provide ADP with the redirect URI generated by WorkOS.
+![A screenshot showing where to find the ACS URL and SP Entity ID in the WorkOS Dashboard.](https://images.workoscdn.com/images/5bc6cf1c-c327-4e81-9588-442fc61bf55d.png?auto=format&fit=clip&q=50)
+Now that a new project has been created browse to the “Development API Credentials” Tab within the project.
+Click on the “End-User/SSO sub-tab” from this view.
+Paste the [Redirect URI](/glossary/redirect-uri) into the App redirect URI field and click “Update Redirect”.
+![A screenshot showing where to place the WorkOS Single Sign-On URL and SP Entity ID in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/5ae15d57-82d5-4591-bc86-f6637a1588f7.png?auto=format&fit=clip&q=50)
+---
+## (4) Enter ADP OIDC Client Settings in your WorkOS Dashboard
+Now that the redirect URI has been provided, the next step is to gather the [Client ID](/glossary/client-id) and [Client Secret](/glossary/client-secret) from ADP and add it into the WorkOS Dashboard.
+Under the same tab used in the previous step, you’ll provide the Client ID and Client Secret from ADP. Click to reveal the secret and copy and paste both the client ID and client secret into the WorkOS dashboard.
+![A screenshot showing where to find the ADP Client Credentials in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/2c8b784a-88e5-4d63-9853-3f8eb6acd304.png?auto=format&fit=clip&q=50)
+![A screenshot showing where to enter the ADP Client Credentials WorkOS Dashboard.](https://images.workoscdn.com/images/fc0444d4-9864-4c19-ab4a-327ab914417f.png?auto=format&fit=clip&q=50)
+---
+## (5) Upload the ADP SSL Cert and Private Key in your WorkOS Dashboard
+Now that the Client ID and Secret have been provided, the next step is to gather the SSL Certificate and Private Key from ADP and add it into the WorkOS Dashboard.
+ADP uses a two fold certificate method with an SSL certificate and an SSL Private Key. The SSL Private Key is only displayed one time when the certificate is generated. If the certificate has already been generated, the IT Administrator who generated it should have also received the Private Key otherwise a new certificate and key can be generated by browsing to the certificates tab on the left hand navigation.
+The SSL Certificate can be found in ADP by browsing to “Certificate” on the left hand nav bar. You can also create a new SSL Certificate and Private Key pair if necessary.
+![A screenshot showing where to download the ADP SSL Certificate and Private Key in the ADP Partner Self Service Portal.](https://images.workoscdn.com/images/31e16dbd-3f08-41b4-9478-5a02b0c3a9f5.png?auto=format&fit=clip&q=50)
+Upload the two files into your WorkOS dashboard in their respective portals on the connection page and click “Update Connection”.
+![A screenshot showing where to upload the ADP SSL Certificate and Private Key in the WorkOS Dashboard](https://images.workoscdn.com/images/783a81be-f5c4-43ba-b2f2-25a9f1c18a8f.png?auto=format&fit=clip&q=50)
+---
+## (6) Verify Connection Status in WorkOS
+Navigate back to the connection in your WorkOS dashboard. After a minute or two you should see the connection become Active as indicated by the green badge next to the connection name.
+All that’s left to do now is test out the connection. You can use your own application if it’s connected to WorkOS already, or feel free to use one of our example applications like this [Python Flask SSO app](https://github.com/workos/python-flask-example-applications/tree/main/python-flask-sso-example) to get up and running with a PoC quickly

package/.docs/organized/docs/integrations/apple.mdx ADDED Viewed

@@ -0,0 +1,169 @@
+---
+title: Apple
+description: Learn how to set up Sign in with Apple.
+icon: apple
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/apple.mdx
+---
+## Introduction
+To configure your global Apple integration you'll need two pieces of information from WorkOS: a [Redirect URI](/glossary/redirect-uri) and an outbound email domain for Apple's Private Relay email service.
+You'll also need four pieces of information from an active Apple Developer Account: an Apple Team ID, Apple Service ID, Apple Private Key and Private Key ID.
+---
+## Testing with default credentials in the staging environment
+WorkOS provides a default set of Apple credentials, which allow you to quickly enable and test Sign in with Apple. WorkOS will automatically use the default credentials until you add your own Apple Team ID, Apple Service ID, and Apple Private Key to the configuration in the [WorkOS dashboard](https://dashboard.workos.com).
+> The default credentials are only intended for testing and therefore only available in the Staging environment. For your production environment, please follow the steps below to create and specify your own Apple Team ID, Apple Service ID, and Apple Private Key.
+Please note that when you are using WorkOS default credentials, Apple's authentication flow will display the WorkOS name, logo, and other information to users. Once you register your own application and use its credentials for the authentication flow, you will have the opportunity to customize the app.
+---
+## What WorkOS provides
+Navigate to the Authentication section of the [WorkOS dashboard](https://dashboard.workos.com/). Scroll down to the Apple OAuth section and find the following values in the configuration:
+- Redirect URI
+- outbound email domains
+![A screenshot showing the Sign in with Apple Redirect URI in the WorkOS dashboard.](https://images.workoscdn.com/images/fe6d452c-1e18-4272-a04c-efc27ee80305.png?auto=format&fit=clip&q=80)
+After the authentication process has completed and a authorization code is granted, the user will be sent to the Redirect URI.
+Outbound email domains are registered with Apple's Private Relay email service. Apple requires outbound email domains and/or email addresses to be registered with Private Relay to deliver email to those users. For more information, see Apple's documentation on [Private Relay](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/communicating_using_the_private_email_relay_service).
+These values will be used later in the guide.
+---
+## What you’ll need
+In order to integrate you'll need an active Apple Developer account. From that Apple Developer account you'll need:
+- A Team ID
+- A Service ID
+- A private key ID
+- The private key contents
+Follow these steps to retrieve these values and configure your integration with Apple.
+---
+### (1) Retrieve the Apple Team ID
+Sign in to the [certificates, identifiers, and profiles](https://developer.apple.com/account/resources/certificates/list) section of your Apple Developer account. The landing page will have your name, company name, and your Team ID. Note the Team ID value for later.
+![A screenshot showing the Team ID in the Apple Developer dashboard.](https://images.workoscdn.com/images/2edd45b9-7e84-45fa-8da2-3c6dcd5607a1.png?auto=format&fit=clip&q=80)
+> The Team ID is sensitive and will only be used by the server to communicate with Apple. It should not be shared with the client.
+### (2) Register an App ID
+> Skip this step if you already have an App ID.
+Click on _Identifiers_ on the sidebar, then click on the + button to create a new identifier.
+![A screenshot showing the Identifiers page in the Apple Developer dashboard. The Create Identifier plus button is highlighted.](https://images.workoscdn.com/images/54be9c35-f7c9-4119-9765-64299d42ff23.png?auto=format&fit=clip&q=80)
+On the next page, select _App IDs_ and click _Continue_.
+![A screenshot showing the first step in the Identifier creation wizard. App IDs is selected.](https://images.workoscdn.com/images/a028e2b5-9443-4208-aa0c-175056ac55b5.png?auto=format&fit=clip&q=80)
+Next, select _App_ and click _Continue_.
+![A screenshot showing the second step in the Identifier creation wizard. App is selected.](https://images.workoscdn.com/images/baff59f5-f060-4faf-9761-678321cc496a.png?auto=format&fit=clip&q=80)
+On the next page, fill in a description and a bundle ID. The bundle ID should be unique and in reverse domain notation, e.g., `com.example.myapp`.
+Also, check the _Sign in with Apple_ box in the Capabilities section. There is no need to update anything in the _Edit_ modal.
+![A screenshot showing the third step in the Identifier creation wizard. A placeholder Description and Bundle ID have been entered.](https://images.workoscdn.com/images/ef85061d-ff63-4d5a-8fad-a9cbefeb6786.png?auto=format&fit=clip&q=80)
+![A screenshot showing the third step in the Identifier creation wizard. The Sign in with Apple checkbox has been checked.](https://images.workoscdn.com/images/9f184ccb-40d8-4410-9250-b8ab56600452.png?auto=format&fit=clip&q=80)
+Then click _Continue_. Review your selections and click _Register_.
+### (3) Register a Service ID
+Next we need to create a linked Service ID. Click on _Identifiers_ on the sidebar, then click on the + button.
+![A screenshot showing the Identifiers page in the Apple Developer dashboard. The Create Identifier plus button is highlighted.](https://images.workoscdn.com/images/4a129d31-33c8-4976-8340-d59fc6618b67.png?auto=format&fit=clip&q=80)
+On the next page, select _Services IDs_ and click _Continue_.
+![A screenshot showing the first step in the Identifier creation wizard. Services IDs is selected.](https://images.workoscdn.com/images/2496cf53-f593-4eda-a2f9-14d6728b0c5d.png?auto=format&fit=clip&q=80)
+Enter a description and a Service ID. The Service ID should be unique and in reverse domain notation, e.g. `com.example.myapp`.
+![A screenshot showing the second step in the Identifier creation wizard. A placeholder Description and Service ID have been entered.](https://images.workoscdn.com/images/dbf69235-951c-4f1d-97b2-3a1c6854c758.png?auto=format&fit=clip&q=80)
+Click _Continue_. Note the Service ID for later and click _Register_ to create the service.
+Now we will configure our new service for Sign in with Apple. First select the new service from the list of Service IDs.
+![A screenshot showing the Identifiers page in the Apple Developer dashboard. The Service ID we just created is highlighted.](https://images.workoscdn.com/images/478f799f-298e-4dee-9b6d-ff75d02fd9f5.png?auto=format&fit=clip&q=80)
+Check the _Sign in with Apple_ box and click _Configure_.
+![A screenshot showing the Service ID Edit page. The Sign in with Apple checkbox is checked.](https://images.workoscdn.com/images/8c3e92fe-f5fc-403e-b7ee-fa215ad61ccf.png?auto=format&fit=clip&q=80)
+Ensure the App ID we created earlier is selected in the dropdown. Then enter `api.workos.com` in the _Domains and Subdomains_ field and paste the Return URI from the WorkOS dashboard in the _Return URLs_ field.
+![A screenshot showing the Service ID Sign in with Apple edit modal. Placeholder values have been placed in the inputs.](https://images.workoscdn.com/images/574617e5-4e3c-41a9-8704-dfa47bf504e2.png?auto=format&fit=clip&q=80)
+Click _Done_ and then _Continue_. Review your changes and click _Save_.
+### (4) Register a private key
+Click on _Keys_ on the sidebar, then click on the + button to create a new key.
+![A screenshot showing the Keys page in the Apple Developer dashboard. The Create Key plus button is highlighted.](https://images.workoscdn.com/images/ebeffde4-091d-4b2c-a9f9-fede59d6674a.png?auto=format&fit=clip&q=80)
+On the next page, enter a human-readable _Key Name_. Then check the _Sign in with Apple_ box and click _Configure_.
+![A screenshot showing the first step in the Key creation wizard.](https://images.workoscdn.com/images/264d1e39-ccae-4d32-80da-af2d5813723c.png?auto=format&fit=clip&q=80)
+In the _Configure_ dialog, select the App ID we created earlier and click _Save_.
+![A screenshot showing the Key Configure dialog. The App ID from the previous step is selected.](https://images.workoscdn.com/images/d1442a7c-47a3-412c-956b-415a11acda9b.png?auto=format&fit=clip&q=80)
+Click _Continue_. Review your changes and click _Register_ to create your key.
+![A screenshot showing the Download Your Key page.](https://images.workoscdn.com/images/eb032a3d-4d2a-44be-a2f5-292e901fae16.png?auto=format&fit=clip&q=80)
+Make sure to download your new private key. Also note the Key ID for later.
+### (5) Provide credentials to WorkOS
+Navigate back to the _Authentication_ section in the [WorkOS dashboard](https://dashboard.workos.com), and click on _Edit_ under _Sign in with Apple_.
+Toggle _Enabled_ on and provide the credentials from Apple that you generated in the previous steps.
+![A screenshot showing the Sign in with Apple configuration modal in the WorkOS dashboard. It has been filled out with information from earlier in this guide.](https://images.workoscdn.com/images/cfedc298-8666-4f38-ab71-f6ed777b44c1.png?auto=format&fit=clip&q=80)
+### (6) Set up Private Email Relay
+Sign in with Apple users can opt to hide their email address when signing in. In order for emails to be sent to those users, we need to configure Private Email Relay.
+On the _Sign in with Apple_ modal, copy the list of outbound email domains.
+![A screenshot showing Sign in with Apple configuration modal in the WorkOS dashboard. The outbound email domains control is highlighted.](https://images.workoscdn.com/images/8c4ae9a5-1b27-49c7-90f7-31a3010ee2b5.png?auto=format&fit=clip&q=80)
+Then open your Apple Developer account and click on _Services_ on the sidebar. Then click on _Configure_ under _Sign in with Apple for Email Communication_.
+![A screenshot showing the Services page in the Apple Developer dashboard. The Sign in with Apple Configure button is highlighted.](https://images.workoscdn.com/images/cc81ae18-450d-417f-9e22-6392b335e437.png?auto=format&fit=clip&q=80)
+Click the + button next to _Email Sources_ and enter the outbound email domains from the WorkOS dashboard in the _Domains and Subdomains_ text box. Then click _Next_ and _Register_.
+![A screenshot showing the modal to register Email Sources. The domains from the WorkOS dashboard are in the Domains and Subdomains text box.](https://images.workoscdn.com/images/021882c4-e299-44b8-9a44-fcf22f3be150.png?auto=format&fit=clip&q=80)
+![A screenshot showing the new domains with green check marks next to them.](https://images.workoscdn.com/images/fa3e78e6-688d-46a8-b4e7-1f6c788da4f6.png?auto=format&fit=clip&q=80)
+You are now ready to start authenticating with Sign in with Apple. Your users will see the option to Sign in with Apple when visiting your [AuthKit](/user-management) domain. Alternatively if you're using the [standalone SSO API](reference/sso/get-authorization-url), you can initiate Sign in with Apple by passing `AppleOAuth` as the `provider`.

package/.docs/organized/docs/integrations/auth0-directory-sync.mdx ADDED Viewed

@@ -0,0 +1,78 @@
+---
+title: Auth0 Directory Sync
+description: Learn how to use Directory Sync with your Auth0 applications.
+icon: auth0
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/auth0-directory-sync.mdx
+---
+## Introduction
+This guide will walk you through the steps to enable WorkOS Directory Sync for your Auth0 applications. If you are new to automated user provisioning and deprovisioning, the [Directory Sync](/directory-sync) introduction is a good place to learn the basics.
+> The Auth0 Directory Sync integration is in feature preview. Reach out to [WorkOS support](mailto:support@workos.com?subject=Auth0%20Directory%20Sync%20Integration) if you want early access.
+## (1) Configure Auth0 API access
+WorkOS uses Auth0 credentials you provide to automatically create and manage an Auth0 database connection. The first step is to authorize an application in Auth0 to access the Management API.
+In the Auth0 dashboard, navigate to **Applications** → **APIs** → **Auth0 Management API**:
+![A screenshot showing the “Auth0 Management API” entry on the Auth0 APIs page.](https://images.workoscdn.com/images/e2baba2e-a442-4449-90db-d1be8db41ef2.png?auto=format&fit=clip&q=50)
+Click on the **Machine To Machine Applications** tab and expand the section for your Auth0 application. Then, toggle the **Authorized** switch to enable the API.
+Under **Permissions**, ensure the following scopes are granted to the application:
+- `create:connections`
+- `create:users`
+- `read:connections`
+- `read:users`
+- `update:connections`
+- `update:users`
+Your permissions configuration should match the following screenshot:
+![A screenshot a correctly configured API application in the Auth0 dashboard.](https://images.workoscdn.com/images/13b5acb2-b5c6-4cd5-a032-0dd7afedc81a.png?auto=format&fit=clip&q=50)
+Next, navigate to **Applications** → **_Your App_** → **Settings**. You should see three fields under **Basic Information**: “Domain”, “Client ID”, and “Client Secret”.
+![A screenshot showing application credentials in the Auth0 dashboard.](https://images.workoscdn.com/images/c8303868-de12-40e5-a0cc-27bec508131c.png?auto=format&fit=clip&q=50)
+Record this information in a safe place, as you will provide it to the WorkOS dashboard in the next step.
+---
+## (2) Connect WorkOS to Auth0
+In the WorkOS dashboard, navigate to **Configuration** → **Settings** and scroll to the **Auth0 Credentials** section. Click **Set Auth0 Credentials**:
+![A screenshot showing the “Auth0 Credentials” section in the WorkOS dashboard.](https://images.workoscdn.com/images/16b3ea51-8564-4ced-86fb-f3ab9fad8d28.png?auto=format&fit=clip&q=50)
+In the modal, enter the credentials you obtained in the previous step: “API Domain”, “Client ID”, and “Client Secret”.
+![A screenshot showing the “Auth0 Credentials” form in the WorkOS dashboard.](https://images.workoscdn.com/images/3e915c68-97c0-4d1e-88e9-cda8bff7fd31.png?auto=format&fit=clip&q=50)
+Click **Save**. In the final step, you will head back to the Auth0 dashboard one last time to complete the configuration.
+---
+## (3) Enable the database connection
+After saving your credentials, WorkOS will create a database connection in your Auth0 environment. This connection will contain the users from directories in your WorkOS organizations. The next step is to enable the connection for your Auth0 application.
+In the Auth0 dashboard, navigate to **Applications** → **_Your App_** → **Connections**. You should see a connection with a `workos-dsync-` prefix in its name. Enable it for your application.
+![A screenshot showing enabled connections for an application in the Auth0 dashboard.](https://images.workoscdn.com/images/73b12882-d286-49cd-ba58-a0527eab7f4f.png?auto=format&fit=clip&q=50)
+---
+## Summary
+Your WorkOS directories will now be synchronized with your new Auth0 database connection! You are ready to use WorkOS features like [Admin Portal](/admin-portal), allowing IT admins to configure their directory provider for your application directly.
+New users provisioned into Auth0 are given a randomly generated password. They will need to reset their password before they can sign in. You can also use [WorkOS directory sync webhooks](/events/data-syncing/webhooks) to be notified when new users are provisioned, allowing you to tailor the onboarding experience for these new users, like sending a welcome email.
+Deprovisioned users will be deleted from the Auth0 database connection. If you need to perform additional cleanup in your application, you can receive WorkOS directory sync webhooks for delete events as well.